h a l f b a k e r yCeci n'est pas une idée.
add, search, annotate, link, view, overview, recent, by name, random
news, help, about, links, report a problem
browse anonymously,
or get an account
and write.
register,
|
|
|
Please log in.
Before you can vote, you need to register.
Please log in or create an account.
|
I just got a wireless card not too long ago, and tried out netstumbler to see how many networks it could see. I was surprised to see three from my apartment alone. I left my computer turned on while driving to a friends', about 100 miles away. I expected the little "found new network" chime to go
off maybe 100 times during that trip. It went off THREE THOUSAND TIMES. There are wireless networks *everywhere*, most unsecured, and most modern laptops have wireless network cards to communicate with them. Creating a tracking device for a stolen laptop is as simple as a piece of software that sends a tiny identification packet to a server every time it finds a new network connection. No real cost involved except the software.
I imagine most thieves are just opportunistic, and will turn on the laptop at some point (or neglect to turn it off while stealing it). It will connect to the nearest open network and identify itself to the server, which can then track the laptop by geolocating IPs.
I think some things exist like this already? Even better, to prevent thwarting this by removing the hard drive, you could have a card inside, less complex than a USB keydrive, that looks like a hard drive to the computer and contains a bootloader. It would load the theft protection software into memory and then boot the main hard drive's bootloader? Not sure if that's possible.
A knowledgeable thief would turn off the computer immediately and never turn it on again until the computer was disassembled, so you could make it send out the packets even while off? But then they could remove the battery. Anyway, I think it would help find laptops stolen by the typical bumbling criminal.
I am going to try to figure out how to implement something like this for my own computer. Since it's unique to me, I have the added benefit of security through obscurity. (Except not so obscure now that I've told the entire Internet!)
Berkeley laptop thief is scared out of his wits by professor
http://www.boingboi...ey_laptop_thie.html (via BoingBoing) [Dub, Jul 20 2006]
PCPhoneHome
http://www.pcphonehome.com/ "secretly send an invisible email message to an email address of your choice containing the physical location of your computer every time you get an Internet connection." Add netstumbling and baked. [BunsenHoneydew, Jul 20 2006]
[link]
|
|
one, i know of at least one program that
will display a "this computer has been
stolen" across the screen and lock
everything down when certain criteria
haven't been met. it then emails its
parent service with its believed location,
and the service then contacts the
authorities. |
|
|
two, i'd rather let someone steal my
computer than install this bloated
invasion of privacy on it. it violates the
privacy of the computer owner, because
it could be used at any time to find their
location, and it violates the privacy of
the network owners because of the
infrastructure that needs to be in place
for this to work. |
|
|
third, any thief stealing a computer
could just pull the wireless card out
until he has a chance to wipe the
system. there isn't much that can stand
up to a full disk wipe, and this security
program probably isn't something that
can. this would only work as long as it's
unknown, and security through
obsfucation isn't security at all. |
|
|
// and security through obsfucation isn't security at all. |
|
|
once someone has discovered a way
around it, it is no longer even given a
semblance of security. base your
security
on encryption, and even if someone
knows
what the encryption routine used was,
they
won't necessarily be able to crack the
code. |
|
|
do you remember that whole kryptonite
bike like fiasco a couple of years ago? it
used to be that anyone figuring that out
would have a pretty limited ability to
spread that info. with the internet, once
the security has been broken, anybody
can find out about it with a few key
presses. |
|
|
you still haven't addressed my more
pressing concerns about privacy
though. |
|
|
i think [dub]'s link is better than the idea
it's posted to. |
|
|
// if someone knows what the encryption routine used was |
|
|
Hence my comment. You're improperly applying crypto-nerd logic to a real-world object being stolen by a real-world criminal. |
|
|
If you leave your bike sitting on a street with few witnesses around, it's going to get stolen. If you leave it behind some garbage cans in an alley, but otherwise in a publicly accessible area with few witnesses, it's less likely to get stolen. Security through obscurity. |
|
|
[tron], when you talk about computer
security through obscurity, you're often
relying on weak encryption that is made
slightly stronger by the fact that no one
knows what it is. as soon as the identity
of the encryption is discovered, you've
nothing left. obscurity is a crutch, and a
weak one at that. |
|
|
you leave your bike sitting on a street
with few witnesses but a sturdy bike
lock, and it's likely going to be their
when you get back. you leave your bike
sitting behind some trash cans and
someone even a little curious comes by,
you've lost your security and that piece
of string attached to the bike won't do
shit in stopping them. |
|
|
// when you talk about computer security through obscurity, you're often relying on weak encryption that is made slightly stronger by the fact that no one knows what it is. |
|
|
Yes, that's what it means. |
|
|
This isn't encryption; this is anti-theft. |
|
|
but if the anti-theft device is easy to
remove, it's completely and utterly useless. |
|
| |